Cyware Daily Threat Intelligence

Daily Threat Briefing Oct 4, 2023

A trio of vulnerabilities in a popular open-source code package in the PyTorch ecosystem has been found to affect numerous top organizations around the world. An attacker could abuse the bugs to manipulate, access, or delete AI models and sensitive data transmitted between an organization and its TorchServe servers. Meanwhile, a batch of Mirai-derived botnets was spotted in the wild. Known as hailBot, kiraiBot, and catDDoS, these variants employ enhanced anti-analysis and detection evasion techniques.

In other news, Qualcomm issued patches for over two dozen vulnerabilities, including three zero-days reported by Google's cybersecurity teams. Though there are no reports of exploitation so far, experts suggest users exercise utmost precaution on Android and iOS devices incorporating Qualcomm chips.

Top Breaches Reported in the Last 24 Hours

Same group targets NATO twice

Hacker group SiegedSec allegedly infiltrated NATO's computer systems and stole approximately 3,000 documents. This would mark the second time in three months that SiegedSec has claimed to have breached the NATO network. While the authenticity of the claims remains unverified, NATO has reported no considerable impact on its missions, operations, or military deployments. SiegedSec has previously attacked NATO and other organizations, citing political motivations rather than financial gain.

Massive attack grips Lyca Mobile

Lyca Mobile, a mobile virtual network operator (MVNO) with over 16 million customers across 23 countries, suffered a cyberattack impacting its services in most markets except the US, Australia, Ukraine, and Tunisia. While the company hasn't confirmed whether it was a ransomware attack, experts suggest it's likely. Alternatively, it might have been a traditional hack, potentially exposing customer data.

Wisconsin county held at ransom

Rock County in Wisconsin was hit by a ransomware attack that targeted its public health department. The county, which serves over 160,000 residents across 25 cities, villages, and towns, detected the cyberattack on September 29 and took some systems offline to prevent further impact. The Cuba ransomware gang has claimed responsibility for the attack and says it stole data, including financial documents and tax information. While restoration efforts are underway, security experts are still working to understand the scope of the incident.

Top Malware Reported in the Last 24 Hours

Variants of Mirai making waves

Several new Mirai-based botnet variants have been discovered, with hailBot, kiraiBot, and catDDoS being the most active and widespread. hailBot supports four DDoS attack methods based on the TCP and UDP protocols, whereas kiraiBot is designed to support six DDoS attack modes. catDDoS, for its part, introduces the ChaCha20 algorithm to encrypt and store key information. All three variants modify the Mirai source code to enhance their anti-detection capabilities.

Top Vulnerabilities Reported in the Last 24 Hours

TorchServe flaws pose serious risks

Security researchers at Oligo Security identified three security flaws, collectively named ShellTorch, in TorchServe, an open-source tool used to scale PyTorch machine-learning models in production. These flaws could potentially lead to server takeovers and remote code execution. The issues included an unauthenticated management interface API misconfiguration, a remote server-side request forgery bug, and a SnakeYAML deserialization vulnerability. Before the patch release, tens of thousands of instances were found vulnerable to cyberattacks.
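Two of the three ShellTorch issues come down to deployment settings: where the management API listens and which URLs the server will fetch model archives from. The following added example (not Oligo's or TorchServe's code) audits a TorchServe config.properties for those two settings; it relies on TorchServe's `management_address` and `allowed_urls` property names, and both sample configs are constructed for illustration.

```python
# Added example, not TorchServe's or Oligo's code: audit a TorchServe
# config.properties for the two ShellTorch-related settings (constructed samples).
import re
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Model URL on a host we do not control; a pattern that accepts it permits SSRF.
PROBE_URL = "http://not-our-repo.invalid/model.mar"

WEAK_CONFIG = """\
inference_address=http://0.0.0.0:8080
management_address=http://0.0.0.0:8081
allowed_urls=file://.*|http(s)?://.*
"""

HARDENED_CONFIG = """\
inference_address=http://0.0.0.0:8080
management_address=http://127.0.0.1:8081
allowed_urls=https://models.example.internal/.*
"""

def parse_properties(text: str) -> dict:
    # Minimal key=value parser for Java-style .properties files.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(text: str) -> list:
    # Returns findings; an empty list means both settings look safe.
    props = parse_properties(text)
    findings = []
    # The management API (register/delete models) should listen on loopback only.
    host = urlparse(props.get("management_address", "")).hostname or "unset"
    if host not in LOOPBACK:
        findings.append(f"management_address listens on {host}")
    # allowed_urls: comma-separated regexes that model archive URLs must match.
    if "allowed_urls" not in props:
        findings.append("allowed_urls not set; restrict it to trusted repositories")
    for pattern in (p.strip() for p in props.get("allowed_urls", "").split(",") if p.strip()):
        try:
            if re.fullmatch(pattern, PROBE_URL):
                findings.append(f"allowed_urls pattern {pattern!r} accepts any host")
        except re.error:
            findings.append(f"allowed_urls pattern {pattern!r} is not a valid regex")
    return findings
```

Run `audit()` against each deployed config.properties; the weak sample yields two findings and the hardened one none, while a missing `allowed_urls` is reported rather than silently passed.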

Looney Tunables - a Linux bug

A Linux vulnerability called Looney Tunables could allow local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader. This flaw (CVE-2023-4911) was introduced in April 2021 with the release of glibc 2.34. It affects major distributions like Fedora, Ubuntu, and Debian. Qualys, which discovered the vulnerability, has not released exploit code but warns that other research teams could produce and release exploits, potentially putting numerous systems at risk.

Qualcomm addresses zero-day bugs

Qualcomm fixed three zero-day vulnerabilities (CVE-2023-33106, CVE-2023-33107, CVE-2023-33063) reported by Google. Although no specific attacks were disclosed, Google's involvement suggests possible exploitation by commercial spyware vendors targeting devices with Qualcomm chips. The majority of Qualcomm's self-discovered vulnerabilities were found to affect its modems, WLAN firmware, and automotive products. Among the patched flaws were memory bugs and information disclosure issues that could lead to arbitrary code execution or denial of service.
